A vulnerability was found in WishList Products WishList Member X Plugin up to 3.29.0 on WordPress and classified as critical . Affected by this issue is some unknown functionality. Such manipulation leads to unrestricted upload. This vulnerability is referenced as CVE-2026-25446 . It is possible to launch the attack remotely. No exploit is available.